Commit Graph

218 Commits

Author SHA1 Message Date
Michal Privoznik
6326865e6b virtestmock: Print invalid file accesses into a file
All the accesses to files outside our build or source directories
are now identified and appended into a file for later processing.
The location of the file that contains all the records can be
controlled via VIR_TEST_FILE_ACCESS env variable and defaults to
abs_builddir "/test_file_access.txt".

The script that will process the access file is to be added in
next commit.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-14 09:46:23 +02:00
Jiri Denemark
8d8f65f0a8 Add qemucapsprobe in .gitignore
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-05 10:09:59 +02:00
Andrea Bolognani
a77720f8b8 maint: Ignore all .init, .service and .socket files
All files with those extensions are generated, so we can have
three generic rules instead of explicitly ignoring every single
instance.
2016-05-03 15:58:09 +02:00
Andrea Bolognani
0f4bd97f9c maint: Don't ignore libvirtd.pod any longer
Starting from commit 5b479f3b5b, libvirtd.pod is a source file
rather than a generated file. Update ignore patterns accordingly.
2016-05-03 15:10:27 +02:00
Cole Robinson
4b98948366 gitignore: ignore virt(log|lock)d.(service|socket) 2016-05-03 08:58:30 -04:00
Andrea Bolognani
10ef8c66ee maint: Ignore all intermediate and generated man pages
Since commit 9b77ce63f1 we create a .in file while building all
man pages, including those in the tools/ directory; update the
ignore patterns to take this change into account.

The new ignore patterns are generic enough that we can get rid of
a few existing ones as well.
2016-04-26 09:20:12 +02:00
Cole Robinson
3b9100a4d2 Revert "daemon: use socket activation with systemd"
This reverts commit 1e9808d3a1.

We shouldn't advertise libvirtd.socket activation, since currently
it means VM/network/... autostart won't work as expected.

We tried to find a middle ground by installing the config file without
an [Install] section, since systemd won't allow .socket to be enabled
without one... or at least it did do that; presently on f24 it allows
activating the socket quite happily. This also caused user confusion[1]

Just remove the socket file. I've filed a new RFE to track coming up
with a solution to the autostart problem[2], we can point users at that
if there's more confusion:

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1279348
[2]: https://bugzilla.redhat.com/show_bug.cgi?id=1326136
2016-04-20 08:53:38 -04:00
Erik Skultety
6409578790 virt-admin: Introduce first working skeleton
This patch introduces virt-admin client which is based on virsh client,
but had to reimplement several methods to meet virt-admin specific needs
or remove unnecessary virsh specific logic.
2015-11-30 09:44:28 +01:00
Erik Skultety
a20b623748 libvirt: introduce libvirt/libvirt-common.h.in
As it turned out, we need to share some enums and declarations between
libvirt.h and libvirt-admin.h, but since our policy forbids direct includes of
libvirt*.h, there has to be some header exempt from this rule. This patch moves
the relevant part of code from libvirt.h.in to libvirt-common.h.in. Moreover,
since there is no need to have libvirt.h generated anymore, introduce a new
header libvirt.h which was previosly ignored from git and make the common
header ignored and generated instead.
2015-11-30 09:36:19 +01:00
Daniel P. Berrange
323a329b26 Import stripped down virtlockd code as basis of virtlogd
Copy the virtlockd codebase across to form the initial virlogd
code. Simple search & replace of s/lock/log/ and gut the remote
protocol & dispatcher. This gives us a daemon that starts up
and listens for connections, but does nothing with them.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-11-26 14:28:55 +00:00
Michal Privoznik
ea65fdba7f .gitignore: Ignore the correct rename example binary
In e755186c5c we tried to introduce an example demonstrating
new virDomainRename API. Unfortunately, in the .gitignore we had
a different binary listed. It's 'rename' binary which we want git
to ignore, not 'test'.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-09-07 10:40:55 +02:00
Martin Kletzander
e755186c5c Add example that renames domain there and back
And in the middle it prints out its name to demonstrate changes in later
patch(es).

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-09-04 18:55:01 +02:00
Martin Kletzander
14d84db863 Add generated libvirt_admin.syms into .gitignore
Commit a2c5d16a70 switched to generating
libvirt_admin.syms, but forgot to add the generated file into
.gitignore, hence causing tree pollution post-build.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-08-20 11:17:27 -07:00
Martin Kletzander
220393bfb0 Revert "Example virt-admin"
This reverts commit 4e7ccf8713.

I mistakenly pushed it along with the Admin API series.
2015-06-16 14:08:23 +02:00
Martin Kletzander
4e7ccf8713 Example virt-admin
You had only one job.  That's what you can say about this example
binary.  In future, parts of virsh that are usable for this binary
should be split into separate shell-utils and virt-admin should gain all
the cool features of virsh without too much code addition.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-06-16 13:46:21 +02:00
Martin Kletzander
878bf2a3c9 Add XML files with admin API specification
No online docs are build from it since it doesn't really fit into our
document structure and new page will need to be created for it, but this
is at least a heads-up commit for easier parsing in order to build some
documentation (or python bindings) later on.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-06-16 13:46:20 +02:00
Martin Kletzander
fb5a0d3388 Build client headers for admin protocol
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-06-16 13:46:20 +02:00
Martin Kletzander
8c8bed02af Add admin protocol
For now there are only CONNECT_OPEN and CONNECT_CLOSE procedures.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-06-16 13:46:20 +02:00
Andrea Bolognani
10525df616 maint: Ignore Vim swap files
This removes some noise when you're working on the repository
and also have a bunch of source files open in Vim in another
terminal.
2015-05-13 08:39:14 -06:00
Pavel Hrdina
bb3cc43cd4 main: add new generated files to .gitignore
This means new libxl-lockd.conf and libxl-sanlock.conf

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2015-04-30 18:39:34 +02:00
Jim Fehlig
f7a30375bd Revert "src/xenconfig: Xen-xl parser"
This reverts commit 2c78051a14.

Conflicts:
	src/Makefile.am

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2015-01-12 10:15:13 -07:00
Kiarie Kahurani
2c78051a14 src/xenconfig: Xen-xl parser
Introduce a Xen xl parser

This parser allows for users to convert the new xl disk format and
spice graphics config to libvirt xml format and vice versa. Regarding
the spice graphics config, the code is pretty much straight forward.
For the disk {formating, parsing}, this parser takes care of the new
xl format which include positional parameters and key/value parameters.
In xl format disk config a <diskspec> consists of parameters separated by
commas. If the parameters do not contain an '=' they are automatically
assigned to certain options following the order below

   target, format, vdev, access

The above are the only mandatory parameters in the <diskspec> but there
are many more disk config options. These options can be specified as
key=value pairs. This takes care of the rest of the options such as

  devtype, backend, backendtype, script, direct-io-safe,

The positional paramters can also be specified in key/value form
for example

    /dev/vg/guest-volume,,hda
    /dev/vg/guest-volume,raw,hda,rw
    format=raw, vdev=hda, access=rw, target=/dev/vg/guest-volume

are interpleted to one config.

In xm format, the above diskspec would be written as

phy:/dev/vg/guest-volume,hda,w

The disk parser is based on the same parser used successfully by
the Xen project for several years now.  Ian Jackson authored the
scanner, which is used by this commit with mimimal changes.  Only
the PREFIX option is changed, to produce function and file names
more consistent with libvirt's convention.

Signed-off-by: Kiarie Kahurani <davidkiarie4@gmail.com>
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2015-01-03 22:41:07 -07:00
Martin Kletzander
a17bfd6304 gitignore: use wildcard for configure's temporary files
Pushed as trivial and pre-ACK'd here:

https://www.redhat.com/archives/libvir-list/2014-November/msg00180.html

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-11-06 16:56:21 +01:00
Martin Kletzander
4601594c4d add temporary compilation files into .gitignore
When using git-status during configure phase, three additional files are
shown as untracked.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-11-06 15:13:55 +01:00
Martin Kletzander
1e9808d3a1 daemon: use socket activation with systemd
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-08-22 09:12:14 +02:00
Michal Privoznik
28d54aab05 examples: Introduce domtop
There's this question on the list that is asked over and over again.
How do I get {cpu, memory, ...} usage in percentage? Or its modified
version: How do I plot nice graphs like virt-manager does?

It would be nice if we have an example to inspire people. And that's
what domtop should do. Yes, it could be written in different ways, but
I've chosen this one as I think it show explicitly what users need to
implement in order to imitate virt-manager's graphing.

Note: The usage is displayed from host perspective. That is, how much
host CPUs the domain is using. But it should be fairly simple to
switch do just guest CPU usage if needed.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-07-18 16:39:54 +02:00
Daniel P. Berrange
60c343f688 Add pkg-config files to allow deps to build against source tree
When testing language bindings it is useful to be able to build
them against an uninstalled libvirt source tree. Add a dummy
set of pkg-config files to allow for this. This can be used by
setting

  export PKG_CONFIG_PATH=/path/to/libvirt/git/src

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-06-23 16:17:55 +01:00
Daniel P. Berrange
65d8c92a75 Add pkg-config files for libvirt-qemu & libvirt-lxc
For some reason there have never been pkg-config files created
for the libvirt-qemu.so and libvirt-lxc.so libraries.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-06-23 16:17:27 +01:00
Sahid Orentino Ferdjaoui
b21795bb5b Add a new example to illustrate domain migration
This commit adds a new example to illustrate peer to
peer domain migration with virDomainMigrateToURI.

Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@cloudwatt.com>
2014-04-30 14:29:07 +01:00
Martin Kletzander
db272ebf9d tests: cleanup object-locking test
When ran, cil is throwing out some errors and warnings for obsolete
'or' unused variables and wrong module name (it should not contain a
hyphen; hence the rename).

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-03-18 10:20:49 +01:00
Daniel P. Berrange
dd6deb391c Wildcard ignore tests/*test instead of listing every one
There is a forever growing list of test cases. It is just
not worth listing each one individually when a wildcard
can do the job.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-10 13:22:17 +00:00
Ján Tomko
855e9faa19 Add tests for virUSBDeviceFind functions
Mock the /sys/bus/usb directory and test the finding
(and not finding) of some USB devices.
2014-03-03 14:35:22 +01:00
Eric Blake
028dd2b81e build: ignore cygwin toolchain droppings
The cygwin compiler automatically creates a '*.exe.manifest'
companion file for any .exe file that contains a substring
that would otherwise cause newer Windows to pester users about
needing admin rights (such as "update", "instal", "setup"...).
This means that compilation on cygwin left behind
tests/networkxml2xmlupdatetest.exe.manifest.

* .gitignore: Ignore manifest files.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-02-26 12:59:50 -07:00
Daniel P. Berrange
432a3fee3b Rename virDomainGetRootFilesystem to virDomainGetFilesystemForTarget
The virDomainGetRootFilesystem method can be generalized to allow
any filesystem path to be obtained.

While doing this, start a new test case for purpose of testing various
helper methods in the domain_conf.{c,h} files, such as this one.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-20 15:50:46 +00:00
Cédric Bosdonnat
7195c807b2 LXC driver: started implementing connectDomainXMLFromNative
This function aims at converting LXC configuration into a libvirt
domain XML description to help users migrate from LXC to libvirt.

Here is an example of how the lxc configuration works:
virsh -c lxc:/// domxml-from-native lxc-tools /var/lib/lxc/migrate_test/config

It is possible that some parts couldn't be properly mapped into a
domain XML fragment, so users should carefully review the result
before creating the domain.

fstab files in lxc.mount lines will need to be merged into the
configuration file as lxc.mount.entry.

As we can't know the amount of memory of the host, we have to set a
default value for max_balloon that users will probably want to adjust.
2014-02-12 17:52:46 +00:00
Pradipta Kr. Banerjee
eb64e8752b vircapstest: Introduce virCapabilitiesGetCpusForNodemask test
This test creates a Fake NUMA topology with non-sequential cell ids
to check if libvirt properly handles the same

Signed-off-by: Shivaprasad G Bhat <sbhat@linux.vnet.ibm.com>
Signed-off-by: Pradipta Kr. Banerjee <bpradip@in.ibm.com>
2014-02-11 14:44:20 +00:00
John Ferlan
02bf6568f4 tests: Add test for new virkmod functions
Adding tests for new virKMod{Config|Load|Unload}() API's.

A test for virKModIsBlacklisted() would require some setup which cannot
be assumed.
2014-02-04 08:59:37 -05:00
Osier Yang
6fdece9a33 tests: Add tests for scsi utils
This creates the basic unit tests for the scsi utils.

Signed-off-by: Osier Yang <jyang@redhat.com>
2014-01-30 15:50:37 +08:00
Yuto KAWAMURA(kawamuray)
4f32c5f793 Introduce Libvirt Wireshark dissector
Introduce Wireshark dissector plugin which adds support to Wireshark
for dissecting libvirt RPC protocol.
Added following files to build Wireshark dissector from libvirt source
tree.
* tools/wireshark/*: Source tree of Wireshark dissector plugin.

Added followings to configure.ac or Makefile.am.
configure.ac
* --with-wireshark-dissector: Enable support for building Wireshark
  dissector.
* --with-ws-plugindir: Specify wireshark plugin directory that dissector
  will installed.
* Added tools/wireshark/{Makefile,src/Makefile} to  AC_CONFIG_FILES.
Makefile.am
* Added tools/wireshark/ to SUBDIR.
2014-01-20 17:09:41 +01:00
Eric Blake
31d43dc578 maint: ignore transient files during tests
I ran 'git add .' for a patch in progress, while in the middle
of running 'make check' to test my work, and was surprised when
it picked up some files I wasn't expecting.

* .gitignore: Ignore *.pem.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-14 14:31:13 -07:00
Michal Privoznik
e26cae6b85 examples: Resurrect domsuspend example
This partially reverts 5eb4b04211 and 62774afb6b.

Rewrite the domsuspend example from scratch. This time do it right.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-24 17:17:35 +01:00
Daniel P. Berrange
950c2a550f Move examples/domain-events/event-c to examples/object-events
The domain events demo program isn't really tied to domain
events anymore, so rename it to object events.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-12-13 16:07:54 +00:00
Cédric Bosdonnat
b775b48e94 Added domain start/stop/define/undefine event unit tests
These unit tests are aiming at providing some help during the domain
events refactoring.
2013-12-10 11:23:20 +00:00
Peter Krempa
5eb4b04211 examples: Remove broken bad example
The domsuspend example code is a really old and bad exmample of (how not
to use) the libvirt API. Remove it as it's apparent that nobody tried to
use it. It was broken and nobody complained.
2013-12-04 18:56:06 +01:00
Daniel P. Berrange
d45b833d14 Pull lxcContainerGetSubtree out into shared virfile module
Move the code for lxcContainerGetSubtree into the virfile
module creating 2 new functions

  int virFileGetMountSubtree(const char *mtabpath,
                             const char *prefix,
                             char ***mountsret,
                             size_t *nmountsret);
  int virFileGetMountReverseSubtree(const char *mtabpath,
                                    const char *prefix,
                                    char ***mountsret,
                                    size_t *nmountsret);

Add a new virfiletest.c test case to validate the new code.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-28 11:49:01 +00:00
Daniel P. Berrange
a7a1244a73 Remove python binding
The python binding now lives in

  http://libvirt.org/git/?p=libvirt-python.git

that repo also provides an RPM which is upgrade compatible
with the old libvirt-python sub-RPM.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-25 16:08:00 +00:00
Michal Privoznik
d770618842 tests: Introduce virpcitest
Among with this test introduce virpcimock as we need to mock some
syscalls, e.g. redirect open() of a file under /sys/bus/pci to a
stub sysfs tree.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-11-04 14:56:56 +01:00
Martin Kletzander
52f42a9746 Ignore GNU Global tag files
... the same way we ignore other TAGS

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2013-10-23 10:06:21 +01:00
Daniel P. Berrange
5787f0b95e Fix flaw in detecting log format
The log message regex has been

[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}\+[0-9]{4}: [0-9]+: debug|info|warning|error :

The precedence of '|' is high though, so this is equivalent to matching

   [0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}\+[0-9]{4}: [0-9]+: debug

Or

   info

Or

   warning

Or

   error :

Which is clearly not what it should have done. This caused the code to
skip over things which are not log messages. The solution is to simply
add brackets.

A test case is also added to validate correctness.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-14 10:31:01 +01:00
Michal Privoznik
63857eb4a0 tests: Introduce qemucapabilitiestest
This test is there to ensure that our capabilities detection code isn't
broken somehow.

How to gather test data:

Firstly, the data is split into two separate files. The former (with
suffix .replies) contains all the qemu replies. This is very fragile as
introducing a new device can mean yet another monitor command and hence
edit of this file in the future. But there's no better way of doing
this. To get this data simply turn on debug logs and copy all the
QEMU_MONITOR_IO_PROCESS lines. But be careful to not copy incomplete
ones (yeah, we report some incomplete lines too). Long story short, at
the libvirtd startup, a dummy qemu is spawn to get all the capabilities.

The latter (with suffix .caps) contains capabilities XML. Just start a
domain and copy the corresponding part from its state XML file.
Including <qemuCaps> tag.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-10-01 11:13:36 +02:00
Doug Goldstein
7457cbe871 VMware: Make version parsing testable and add tests
This splits up the version parsing code into a callable API like QEMU
help/version string parsing so that we can test it as we need to add
additional patterns for newer versions/products.
2013-09-20 08:23:31 -05:00
Eric Blake
ceaa536d49 maint: ignore recently-added test
* .gitignore: Ignore metadatatest.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-17 10:24:41 -06:00
Eric Blake
7f626e478d build: use automake subdir-objects
Automake 2.0 will enable subdir-objects by default; in preparation
for that change, automake 1.14 outputs LOADS of warnings:

daemon/Makefile.am:38: warning: source file '../src/remote/remote_protocol.c' is in a subdirectory,
daemon/Makefile.am:38: but option 'subdir-objects' is disabled
automake-1.14: warning: possible forward-incompatibility.
automake-1.14: At least a source file is in a subdirectory, but the 'subdir-objects'
automake-1.14: automake option hasn't been enabled.  For now, the corresponding output
automake-1.14: object file(s) will be placed in the top-level directory.  However,
automake-1.14: this behaviour will change in future Automake versions: they will
automake-1.14: unconditionally cause object files to be placed in the same subdirectory
automake-1.14: of the corresponding sources.
automake-1.14: You are advised to start using 'subdir-objects' option throughout your
automake-1.14: project, to avoid future incompatibilities.
daemon/Makefile.am:38: warning: source file '../src/remote/lxc_protocol.c' is in a subdirectory,
daemon/Makefile.am:38: but option 'subdir-objects' is disabled
...

As automake 1.9 also supported this option, and the previous patches
fixed up the code base to work with it, it is safe to now turn it on
unconditionally.

* configure.ac (AM_INIT_AUTOMAKE): Enable subdir-objects.
* .gitignore: Ignore .dirstamp directories.
* src/Makefile.am (PDWTAGS, *-protocol-struct): Adjust to
new subdir-object location of .lo files.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-09 12:04:03 -06:00
Daniel P. Berrange
da13f2c70c Add documentation for access control system
This adds two new pages to the website, acl.html describing
the general access control framework and permissions models,
and aclpolkit.html describing the use of polkit as an
access control driver.

page.xsl is modified to support a new syntax

  <div id="include" filename="somefile.htmlinc"/>

which will cause the XSL transform to replace that <div>
with the contents of 'somefile.htmlinc'. We use this in
the acl.html.in file, to pull the table of permissions
for each libvirt object. This table is autogenerated
from the enums in src/access/viraccessperms.h by the
genaclperms.pl script.

newapi.xsl is modified so that the list of permissions
checks shown against each API will link to the description
of the permissions in acl.html

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-09 17:13:02 +01:00
Daniel P. Berrange
38550ae809 Add an example config file for virtlockd
The virtlockd daemon supports an /etc/libvirt/virtlockd.conf
config file, but we never installed a default config, nor
created any augeas scripts. This change addresses that omission.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-09 15:03:04 +01:00
Daniel P. Berrange
6ff0cffd55 Add a man page for virtlockd daemon
Create a virtlockd.pod.in file containing the man page
content for virtlockd.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-09 11:56:34 +01:00
Dan Walsh
54d69f540c Introduce a virt-login-shell binary
Add a virt-login-shell binary that can be set as a user's
shell, such that when they login, it causes them to enter
the LXC container with a name matching their user name.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-08 16:36:31 +01:00
Daniel P. Berrange
664ab2801d Add info about access control checks into API reference
So that app developers / admins know what access control checks
are performed for each API, this patch extends the API docs
generator to include details of the ACLs for each.

The gendispatch.pl script is extended so that it generates
a simple XML describing ACL rules, eg.

  <aclinfo>
    ...
    <api name='virConnectNumOfDomains'>
      <check object='connect' perm='search_domains'/>
      <filter object='domain' perm='getattr'/>
    </api>
    <api name='virDomainAttachDeviceFlags'>
      <check object='domain' perm='write'/>
      <check object='domain' perm='save' flags='!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE'/>
      <check object='domain' perm='save' flags='VIR_DOMAIN_AFFECT_CONFIG'/>
    </api>
    ...
  </aclinfo>

The newapi.xsl template loads the XML files containing the ACL
rules and generates a short block of HTML for each API describing
the parameter checks and return value filters (if any).

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-08 11:59:46 +01:00
Peter Krempa
5c94dfdd76 tests: Add qemuagenttest
Add a basic test framework with two simple tests to test guest agent
interaction.
2013-07-31 14:25:43 +02:00
Daniel P. Berrange
dff93f8cab Add API for calling systemd-machined's DBus API
To register virtual machines and containers with systemd-machined,
and thus have cgroups auto-created, we need to talk over DBus.
This is somewhat tedious code, so introduce a dedicated function
to isolate the DBus call in one place.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-22 13:09:58 +01:00
Daniel P. Berrange
834c9c9459 Introduce virDBusCallMethod & virDBusMessageRead methods
Doing DBus method calls using libdbus.so is tedious in the
extreme. systemd developers came up with a nice high level
API for DBus method calls (sd_bus_call_method). While
systemd doesn't use libdbus.so, their API design can easily
be ported to libdbus.so.

This patch thus introduces methods virDBusCallMethod &
virDBusMessageRead, which are based on the code used for
sd_bus_call_method and sd_bus_message_read. This code in
systemd is under the LGPLv2+, so we're license compatible.

This code is probably pretty unintelligible unless you are
familiar with the DBus type system. So I added some API
docs trying to explain how to use them, as well as test
cases to validate that I didn't screw up the adaptation
from the original systemd code.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-22 13:09:58 +01:00
Michal Privoznik
0fc12bca08 tests: Introduce qemuhotplugtest
As my punishment for the break in 7f15ebc7 (fixed in 752596b5dd) I'm
introducing this test to make sure it won't happen again. Currently,
only test for <graphics/> is supported.
2013-06-25 17:00:56 +02:00
Daniel P. Berrange
686026225e Auto-generate helpers for checking access control rules
Extend the 'gendispatch.pl' script to be able to generate
three new types of file.

- 'aclheader' - defines signatures of helper APIs for
  doing authorization checks. There is one helper API
  for each API requiring an auth check. Any @acl
  annotations result in a method being generated with
  a suffix of 'EnsureACL'. If the ACL check requires
  examination of flags, an extra 'flags' param will be
  present. Some examples

  extern int virConnectBaselineCPUEnsureACL(void);
  extern int virConnectDomainEventDeregisterEnsureACL(virDomainDefPtr domain);
  extern int virDomainAttachDeviceFlagsEnsureACL(virDomainDefPtr domain, unsigned int flags);

  Any @aclfilter annotations resuilt in a method being
  generated with a suffix of 'CheckACL'.

  extern int virConnectListAllDomainsCheckACL(virDomainDefPtr domain);

  These are used for filtering individual objects from APIs
  which return a list of objects

- 'aclbody' - defines the actual implementation of the
  methods described above. This calls into the access
  manager APIs. A complex example:

    /* Returns: -1 on error (denied==error), 0 on allowed */
    int virDomainAttachDeviceFlagsEnsureACL(virConnectPtr conn,
                                            virDomainDefPtr domain,
                                            unsigned int flags)
    {
        virAccessManagerPtr mgr;
        int rv;

        if (!(mgr = virAccessManagerGetDefault()))
            return -1;

        if ((rv = virAccessManagerCheckDomain(mgr,
                                              conn->driver->name,
                                              domain,
                                              VIR_ACCESS_PERM_DOMAIN_WRITE)) <= 0) {
            virObjectUnref(mgr);
            if (rv == 0)
                virReportError(VIR_ERR_ACCESS_DENIED, NULL);
            return -1;
        }
        if (((flags & (VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE)) == 0) &&
            (rv = virAccessManagerCheckDomain(mgr,
                                              conn->driver->name,
                                              domain,
                                              VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
            virObjectUnref(mgr);
            if (rv == 0)
                virReportError(VIR_ERR_ACCESS_DENIED, NULL);
            return -1;
        }
        if (((flags & (VIR_DOMAIN_AFFECT_CONFIG)) == (VIR_DOMAIN_AFFECT_CONFIG)) &&
            (rv = virAccessManagerCheckDomain(mgr,
                                              conn->driver->name,
                                              domain,
                                              VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
            virObjectUnref(mgr);
            if (rv == 0)
                virReportError(VIR_ERR_ACCESS_DENIED, NULL);
            return -1;
        }
        virObjectUnref(mgr);
        return 0;
    }

- 'aclsyms' - generates a linker script to export the
   APIs to drivers. Some examples

  virConnectBaselineCPUEnsureACL;
  virConnectCompareCPUEnsureACL;

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-06-24 15:25:19 +01:00
Daniel P. Berrange
b904bba7f4 Add a policy kit access control driver
Add an access control driver that uses the pkcheck command
to check authorization requests. This is fairly inefficient,
particularly for cases where an API returns a list of objects
and needs to check permission for each object.

It would be desirable to use the polkit API but this links
to glib with abort-on-OOM behaviour, so can't be used. The
other alternative is to speak to dbus directly

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-06-24 15:24:36 +01:00
Eric Blake
de483052a2 maint: follow recommended practice for using LGPL
https://www.gnu.org/licenses/gpl-howto.html states:

You should also include a copy of the license itself somewhere in the
distribution of your program. All programs, whether they are released
under the GPL or LGPL, should include the text version of the GPL. In
GNU programs the license is usually in a file called COPYING.

If you are releasing your program under the LGPL, you should also
include the text version of the LGPL, usually in a file called
COPYING.LESSER. Please note that, since the LGPL is a set of
additional permissions on top of the GPL, it's important to include
both licenses so users have all the materials they need to understand
their rights.

* configure.ac (COPYING): No more games with non-git file.
* COPYING: New file, copied from gnulib.
* COPYING.LIB: Rename...
* COPYING.LESSER: ...to this.
* .gitignore: Track licenses in git.
* cfg.mk (exclude_file_name_regexp--sc_copyright_address): Tweak
rule.
* libvirt.spec.in (daemon, client, python): Reflect rename.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-20 14:15:21 -06:00
Ján Tomko
a011479d47 .gitignore: add fchosttest 2013-05-13 17:16:54 +02:00
Daniel P. Berrange
31989e66c6 Add a test case for the fdstream file read/write code
Add a test case which exercises the virFDStreamOpenFile
and virFDStreamCreateFile methods. Ensure that both the
synchronous and non-blocking iohelper code paths work.
This validates the regression recently fixed which
broke reading in non-blocking mode

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-10 19:57:18 +01:00
Daniel P. Berrange
d14524701a Add a test suite for cgroups functionality
Some aspects of the cgroups setup / detection code are quite subtle
and easy to break. It would greatly benefit from unit testing, but
this is difficult because the test suite won't have privileges to
play around with cgroups. The solution is to use monkey patching
via LD_PRELOAD to override the fopen, open, mkdir, access functions
to redirect access of cgroups files to some magic stubs in the
test suite.

Using this we provide custom content for the /proc/cgroup and
/proc/self/mounts files which report a fixed cgroup setup. We
then override open/mkdir/access so that access to the cgroups
filesystem gets redirected into files in a temporary directory
tree in the test suite build dir.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-15 17:35:31 +01:00
Daniel P. Berrange
15d8511b41 Add a test suite for keycode mapping functions
Validate that translations between different keycode sets
are functioning.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-08 10:03:20 +01:00
Gene Czarcinski
1cd2078c88 rename tests/conftest.c
To prevent confusion with configure's popular name
for a file, rename conftest.c to test_conf.c which
is consistent with the invoking test_conf.sh
Signed-off-by: Gene Czarcinski <gene@czarc.net>
2013-03-19 13:13:28 -06:00
Daniel P. Berrange
3aabe27247 Define internal APIs for managing identities
Introduce a local object virIdentity for managing security
attributes used to form a client application's identity.
Instances of this object are intended to be used as if they
were immutable, once created & populated with attributes

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-19 13:37:37 +00:00
Doug Goldstein
24cf110e48 Add autogenerated lxc_protocol.[ch] to gitignore
/src/lxc/lxc_protocol.[ch] is autogenerated so add it to .gitignore
2013-02-18 08:57:57 -06:00
Eric Blake
a18452d0d2 storage: test backing chain traversal
Testing our backing chain handling will make it much easier to
ensure that we avoid issues in the future.  If only I had written
this test before I first caused several regressions...

* tests/virstoragetest.c: New test.
* tests/Makefile.am (test_programs): Build it.
* .gitignore: Ignore new files.
2013-02-15 16:07:01 -07:00
Eric Blake
c6f1060ca7 util: add virendian.h macros
We have several cases where we need to read endian-dependent
data regardless of host endianness; rather than open-coding
these call sites, it will be nicer to funnel things through
a macro.

The virendian.h file can be expanded to add writer functions,
and/or 16-bit access patterns, if needed.  Also, if we need
to turn things into a function to avoid multiple evaluations
of buf, that can be done later.  But for now, a macro worked.

* src/util/virendian.h: New file.
* src/Makefile.am (UTIL_SOURCES): Ship it.
* tests/virendiantest.c: New test.
* tests/Makefile.am (test_programs, virendiantest_SOURCES): Run
the test.
* .gitignore: Ignore built file.
2013-02-12 09:00:15 -07:00
Martin Kletzander
3d36b1a4b0 Ignore '.trs' files
When doing checks with automake, there are '<testname>.trs' files left
behind, that might or might not be usable, however these show up in
'git status' even though we definitely don't want them to be tracked
in the repository'.  Automake adds the '--trs-files' option by default
since commit 0c81b43f711fb861f04227ced8dba889596d9c43 [1], which
consequently (from 1.13 in my case) started leaving these files behind
along with '<testname>.log' files as well (which we already ignore).

[1] http://git.savannah.gnu.org/gitweb/?p=automake.git;a=commitdiff;h=0c81b43
2013-01-30 09:37:03 +01:00
Daniel P. Berrange
9c9d4d32d3 Add a port allocator class
Introduce a virPortAllocator for managing TCP port allocations.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-16 11:02:58 +00:00
Michal Privoznik
584cd5c279 .gitignore: Sort alphabetically 2013-01-15 13:32:33 +01:00
Daniel P. Berrange
3d1596b048 Introduce an LXC specific public API & library
This patch introduces support for LXC specific public APIs. In
common with what was done for QEMU, this creates a libvirt_lxc.so
library and libvirt/libvirt-lxc.h header file.

The actual APIs are

  int virDomainLxcOpenNamespace(virDomainPtr domain,
                                int **fdlist,
                                unsigned int flags);

  int virDomainLxcEnterNamespace(virDomainPtr domain,
                                 unsigned int nfdlist,
                                 int *fdlist,
                                 unsigned int *noldfdlist,
                                 int **oldfdlist,
                                 unsigned int flags);

which provide a way to use the setns() system call to move the
calling process into the container's namespace. It is not
practical to write in a generically applicable manner. The
nearest that we could get to such an API would be an API which
allows to pass a command + argv to be executed inside a
container. Even if we had such a generic API, this LXC specific
API is still useful, because it allows the caller to maintain
the current process context, in particular any I/O streams they
have open.

NB the virDomainLxcEnterNamespace() API is special in that it
runs client side, so does not involve the internal driver API.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:58:34 +00:00
Daniel P. Berrange
907a39e735 Add a test suite for validating SELinux labelling
There are many aspects of the guest XML which result in the
SELinux driver applying file labelling. With the increasing
configuration options it is desirable to test this behaviour.
It is not possible to assume that the test suite has the
ability to set SELinux labels. Most filesystems though will
support extended attributes. Thus for the purpose of testing,
it is possible to extend the existing LD_PRELOAD hack to
override setfilecon() and getfilecon() to simply use the
'user.libvirt.selinux' attribute for the sake of testing.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:40:04 +00:00
Daniel P. Berrange
014afe6501 Rename lxc_protocol.x to lxc_monitor_protocol.x
To avoid confusion between the LXC driver <-> controller
monitor RPC protocol and the libvirt-lxc.so <-> libvirtd public
RPC protocol, rename the former to lxc_monitor_protocol.x

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-08 09:21:08 +00:00
Cole Robinson
ff93b865cd .gitignore: add tests/sysinfotest 2012-12-17 14:40:48 -05:00
Daniel P. Berrange
eb8268a4f6 Add a virtlockd client as a lock driver impl
This adds a 'lockd' lock driver which is just a client which
talks to the lockd daemon to perform all locking. This will
be the default lock driver for any hypervisor which needs one.

* src/Makefile.am: Add lockd.so plugin
* src/locking/lock_driver_lockd.c: Lockd driver impl

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-13 15:26:57 +00:00
Daniel P. Berrange
0e49b83912 Implement dispatch functions for lock protocol in virtlockd
Introduce a lock_daemon_dispatch.c file which implements the
server side dispatcher the RPC APIs previously defined in the
lock protocol.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-13 15:26:57 +00:00
Daniel P. Berrange
ad39fd83a8 Define a wire protocol for talking to the virtlockd daemon
The virtlockd daemon will be responsible for managing locks
on virtual machines. Communication will be via the standard
RPC infrastructure. This provides the XDR protocol definition

* src/locking/lock_protocol.x: Wire protocol for virtlockd
* src/Makefile.am: Include lock_protocol.[ch] in virtlockd

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-13 15:26:57 +00:00
Daniel P. Berrange
c57e3d8994 Introduce basic infrastructure for virtlockd daemon
The virtlockd daemon will maintain locks on behalf of libvirtd.
There are two reasons for it to be separate

 - Avoid risk of other libvirtd threads accidentally
   releasing fcntl() locks by opening + closing a file
   that is locked
 - Ensure locks can be preserved across libvirtd restarts.
   virtlockd will need to be able to re-exec itself while
   maintaining locks. This is simpler to achieve if its
   sole job is maintaining locks

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-13 15:26:57 +00:00
Cole Robinson
d13155c20c tools: Only install guests init script if --with-init=script=redhat
Most of this deals with moving the libvirt-guests.sh script which
does all the work to /usr/libexec, so it can be shared by both
systemd and traditional init. Previously systemd depended on
the script being in /etc/init.d

Required to fix https://bugzilla.redhat.com/show_bug.cgi?id=789747
2012-12-11 19:54:37 -05:00
Daniel P. Berrange
76c1fd33c8 Introduce APIs for splitting/joining strings
This introduces a few new APIs for dealing with strings.
One to split a char * into a char **, another to join a
char ** into a char *, and finally one to free a char **

There is a simple test suite to validate the edge cases
too. No more need to use the horrible strtok_r() API,
or hand-written code for splitting strings.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-11-30 20:05:43 +00:00
liguang
b27b712c24 gitignore: ignore more files
ignore cscope.in.out, cscope.po.out

Signed-off-by: liguang <lig.fnst@cn.fujitsu.com>
2012-11-05 15:56:42 +01:00
Michal Privoznik
ffa62d06a8 gitignore: Ignore 'tags' 2012-10-31 16:47:34 +01:00
Peter Krempa
41bf06e96a maint: Sort .gitignore
Sorting of the .gitignore file was broken after the last addition. After
a clean build the scripts re-sort it making the working tree dirty.
2012-10-26 14:39:55 +02:00
Eric Blake
caea10bf75 maint: ignore unsaved emacs files
I did a 'git add .', then realized that it ended up trying to
add the emacs lock file for a corresponding file that I had not
yet saved all my edits; thankfully I noticed it in time.  Since
we already exclude other temporary files, this makes the most
sense for preventing such a mistake from actually hitting upstream.

* .gitignore: Add .#* to the exclude list.
2012-10-25 16:12:46 -06:00
Cole Robinson
7b21981cdb Autogenerate AUTHORS
AUTHORS.in tracks the maintainers, as well as some folks who were
previously in AUTHORS but don't have a git commit with proper
attribution.

Generated output is sorted alphabetically and lacks pretty spacing, so
tweak AUTHORS.in to follow the same format.

Additionally, drop the syntax-check rule that previously validated
AUTHORS against git log.
2012-10-19 12:44:56 -04:00
Daniel P. Berrange
eca72d4759 Introduce an internal API for handling file based lockspaces
The previously introduced virFile{Lock,Unlock} APIs provide a
way to acquire/release fcntl() locks on individual files. For
unknown reason though, the POSIX spec says that fcntl() locks
are released when *any* file handle referring to the same path
is closed. In the following sequence

  threadA: fd1 = open("foo")
  threadB: fd2 = open("foo")
  threadA: virFileLock(fd1)
  threadB: virFileLock(fd2)
  threadB: close(fd2)

you'd expect threadA to come out holding a lock on 'foo', and
indeed it does hold a lock for a very short time. Unfortunately
when threadB does close(fd2) this releases the lock associated
with fd1. For the current libvirt use case for virFileLock -
pidfiles - this doesn't matter since the lock is acquired
at startup while single threaded an never released until
exit.

To provide a more generally useful API though, it is necessary
to introduce a slightly higher level abstraction, which is to
be referred to as a "lockspace".  This is to be provided by
a virLockSpacePtr object in src/util/virlockspace.{c,h}. The
core idea is that the lockspace keeps track of what files are
already open+locked. This means that when a 2nd thread comes
along and tries to acquire a lock, it doesn't end up opening
and closing a new FD. The lockspace just checks the current
list of held locks and immediately returns VIR_ERR_RESOURCE_BUSY.

NB, the API as it stands is designed on the basis that the
files being locked are not being otherwise opened and used
by the application code. One approach to using this API is to
acquire locks based on a hash of the filepath.

eg to lock /var/lib/libvirt/images/foo.img the application
might do

   virLockSpacePtr lockspace = virLockSpaceNew("/var/lib/libvirt/imagelocks");
   lockname = md5sum("/var/lib/libvirt/images/foo.img");
   virLockSpaceAcquireLock(lockspace, lockname);

NB, in this example, the caller should ensure that the path
is canonicalized before calculating the checksum.

It is also possible to do locks directly on resources by
using a NULL lockspace directory and then using the file
path as the lock name eg

   virLockSpacePtr lockspace = virLockSpaceNew(NULL);
   virLockSpaceAcquireLock(lockspace, "/var/lib/libvirt/images/foo.img");

This is only safe to do though if no other part of the process
will be opening the files. This will be the case when this
code is used inside the soon-to-be-reposted virlockd daemon

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-10-16 15:45:55 +01:00
Cole Robinson
e1019e9e84 Only keep one polkit rules file
Just tweak it at build time depending on what polkit version we are
building for.
2012-10-14 15:21:18 -04:00
Richard W.M. Jones
5090c576e3 Add a ./run script for running programs from the local directory.
With this script you can run libvirt programs without needing to
install them first.  You just have to do for example:

  ./run ./tools/virsh [args ...]

If you are already in the tools/ subdirectory, then the following
command will also work:

  ../run ./virsh [...]

You can also run the C programs under valgrind like this:

  ./run valgrind [valgrind opts...] ./program

or under gdb:

  ./run gdb --args ./program

This also works with sudo (eg. if you need root access for libvirt):

  sudo ./run ./tools/virsh list --all

Derived from libguestfs and simplified.  The ./run script in
libguestfs is much more sophisticated:

https://github.com/libguestfs/libguestfs/blob/master/run.in
2012-09-18 10:59:16 +01:00
Richard W.M. Jones
481dfbaed4 gitignore: Ignore .gdb_history file. 2012-09-18 10:03:52 +01:00
Hu Tao
0fc89098a6 New functions for virBitmap
In many places we store bitmap info in a chunk of data
(pointed to by a char *), and have redundant codes to
set/unset bits. This patch extends virBitmap, and convert
those codes to use virBitmap in subsequent patches.
2012-09-17 14:59:36 -04:00
Daniel P. Berrange
48d112210d Introduce a test suite for the JSON monitor
Take advantage of the previously added monitor helpers to
create a test suite for the QEMU JSON monitor impl. As a
proof of concept, this tests the 'qemuMonitorGetStatus'
implementation

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-09-07 13:18:09 +01:00
Daniel P. Berrange
9136032a66 Add test case for SELinux label generation
This test case validates the correct generation of SELinux labels
for VMs, wrt the current process label. Since we can't actually
change the label of the test program process, we create a shared
library libsecurityselinuxhelper.so which overrides the getcon()
and setcon() libselinux.so functions. When started the test case
will check to see if LD_PRELOAD is set, and if not, it will
re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-21 11:37:57 +01:00
Martin Kletzander
2818359075 docs: autogenerate search.php
This patch makes search.php autogenerated from search.php.in, thus
removing hardcoded menus, footer etc. and the search.php is added to
.gitignore.

There is new rule added for *.php files (to make it bit less
hardcoded) that takes *.php.code.in and injects it inside the
generated *.php (xslt was not happy about php code in the source xml).
2012-08-10 10:58:38 +02:00